Disconnect the STA if EAP timeout is reached
There is not really much else the Authenticator can do if it does not receive valid EAP response from the Supplicant/EAP peer. EAP-Failure would need to be sent before trying to start again with EAP-Request/Identity, but that is not allowed before the EAP peer actually replies. Anyway, forcing a new association is likely to clean up peer state, too, so it can help fixing some issues that could have caused the peer not to be able to reply in the first place.
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
98de443890
commit
805e6dc663
|
|
@ -1361,6 +1361,22 @@ void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
|
|||
os_free(sm->last_recv_radius);
|
||||
sm->last_recv_radius = NULL;
|
||||
}
|
||||
|
||||
if (sm->eap_if->eapTimeout) {
|
||||
/*
|
||||
* Disconnect the STA since it did not reply to the last EAP
|
||||
* request and we cannot continue EAP processing (EAP-Failure
|
||||
* could only be sent if the EAP peer actually replied).
|
||||
*/
|
||||
sm->eap_if->portEnabled = FALSE;
|
||||
hostapd_sta_deauth(hapd, sta->addr,
|
||||
WLAN_REASON_PREV_AUTH_NOT_VALID);
|
||||
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
|
||||
WLAN_STA_AUTHORIZED);
|
||||
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
|
||||
eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
|
||||
sta->timeout_next = STA_REMOVE;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue